Experimental: This analyzer is considered experimental. While this analyzer may be useful and provide valid results more testing must be completed to ensure that the false negative/false positive rates are acceptable.
OWASP dependency-check includes an analyzer that can scan a cpanfile to exact
dependency information from Perl projects. The analyzer does not yet differentiate
develop and test dependencies from required dependencies. Nor does the
analyzer support cpanfile.snapshot files yet. Finally, version ranges are
not yet correctly handled either and only the first version in the range is used.
